Configure $connection_upgrade and set X-Real-IP

2023-12-31 15:25:13 +01:00 · 2023-12-31 15:25:13 +01:00 · 64f09eded2
parent df2172d72b
commit 64f09eded2
5 changed files with 22 additions and 6 deletions
--- a/roles/apps/tasks/extra_tasks/nginx.yml
+++ b/roles/apps/tasks/extra_tasks/nginx.yml
@ -1,19 +1,19 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
- name: Create subdirectory for nginx config files
+- name: Create subdirectory for NGINX config files
  ansible.builtin.file:
    path: "{{ apps_data_root }}/nginx/data/conf.d"
    owner: root
    mode: u=rwx,g=rx,o=rx
    state: directory

- name: Copy nginx configs
+- name: Copy NGINX configs
  ansible.builtin.template:
-    src: nginx/conf.d/{{ app }}.conf.j2
-    dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf"
+    src: nginx/conf.d/{{ config }}.conf.j2
+    dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf"
    owner: root
    mode: u=rw,g=r,o=r
-  loop: "{{ apps_proxied }}"
+  loop: "{{ ['http', apps_proxied] | flatten }}"
  loop_control:
-    loop_var: app
+    loop_var: config
--- a/roles/apps/templates/nginx/conf.d/http.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/http.conf.j2
@ -0,0 +1,11 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+set_real_ip_from {{ proxy_host }};
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+
+map $http_upgrade $connection_upgrade {  
+    default upgrade;
+    ''      close;
+}
--- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
@ -12,6 +12,7 @@ server {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
+        proxy_set_header X-Real-IP $remote_addr;
    }
 }

@ -23,7 +24,9 @@ server {
        resolver 127.0.0.11 valid=30s;
        set $upstream http://ipfs:8080;
        proxy_pass $upstream;
+
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
+        proxy_set_header X-Real-IP $remote_addr;
    }
 }
--- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
@ -12,5 +12,6 @@ server {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
+        proxy_set_header X-Real-IP $remote_addr;
    }
 }
--- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
@ -12,6 +12,7 @@ server {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
+        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;